A New and Better AML Regime?

On February 16, 2017, The Clearing House (a banking association and payments company that is owned by twenty-five of the largest commercial banks) released a report entitled A New Paradigm: Redesigning the U.S. AML/CFT Framework to Protect National Security and Aid Law Enforcement. The report analyzes the current effectiveness of the U.S. anti-money laundering/counter-terrorism financing (AML/CFT) regime, identifies fundamental problems, and proposes a series of reforms to address them. It is the output of two closed-door sessions held in 2016 that were attended by sixty senior former and current officials from law enforcement, national security, bank regulation and domestic policy; leaders of prominent think tanks in the areas of economic policy, development, and national security; consultants and lawyers practicing in the field; fintech CEOs; and the heads of AML/CFT at multiple major financial institutions.

The report concludes, in effect, that the current U.S. AML/CFT Framework is based on an amalgam of sometimes-conflicting requirements and focuses more on process than outcomes, and that combatting money laundering and terrorist financing continues to be hindered by communication barriers between law enforcement and the financial services industry, and among financial institutions themselves.

What the report advocates in two sets of recommendations – those for immediate implementation and those for further study – is a complete overhaul of the existing regulatory and supervisory regime. Specifically, the report identifies seven reforms for immediate action:

AML/CFT supervision should be rationalized by having the Financial Crimes Enforcement Network (FinCEN) reclaim sole supervisory responsibility for large, multinational financial institutions and by requiring the Department of Treasury, through its Office of Terrorism and Financial Intelligence (TFI), and FinCEN to establish a robust and inclusive annual process to establish AML/CFT priorities. The perceived benefits of these actions would be (a) greater focus on outcomes and the development of useful information to law enforcement, as opposed to the process-based approach taken by prudential supervisors, and (b) better alignment between law enforcement objectives and financial institutions’ AML/CFT programs.

Congress should enact legislation, already pending in various forms, that prevents the establishment of anonymous companies and requires the reporting of beneficial owner information at the time of incorporation. Not to be confused with the FinCEN Customer Due Diligence (CDD) requirements that will obligate financial institutions, by May 2018, to collect beneficial ownership on legal entities, this recommendation is intended to require the collection of beneficial ownership at the time of company incorporation and whenever such information changes, and to make this information routinely available to FinCEN, law enforcement and financial institutions. This would shift the burden of gathering beneficial ownership information from the financial services industry to governmental bodies that incorporate these entities and, thus, free up financial services resources and allow them to spend more time on the detection of illicit activity.

The Treasury TFI Office should strongly encourage innovation, and FinCEN should propose a safe harbor rule allowing financial institutions to innovate in a financial intelligence unit (FIU) “sandbox” without fear of examiner sanction. This would apply not only to large, multinational financial institutions that, through their direct collaboration with FinCEN, would presumably be leaders in innovation, but also to other financial institutions, which may have been reluctant to innovate for fear of their prudential regulators not being willing to accept new and different approaches.

Policymakers should de-prioritize the investigation and reporting of activity of limited law enforcement or national security interest. This could be accomplished by raising the SAR reporting thresholds; eliminating SAR filings for insider abuse; and reviewing all existing SAR reporting guidance for relevancy (e.g., why should large financial institutions need to file SARs on cyberattacks when they typically engage in real-time communications with law enforcement when such attacks occur?). As with other recommendations, the impetus here is to free up resources to focus on what is really important.

Policymakers should further facilitate the flow of raw data from financial institutions to law enforcement to assist with the modernization of the current AML/CFT technological paradigm. This would allow FinCEN to use big data analytics to identify illicit activity that cannot be detected by an individual financial institution.

Regulatory or statutory changes should be made to the safe harbor provision in the USA PATRIOT Act (Section 314(b)) to further encourage information sharing among financial institutions, including the potential use of shared utilities to allow for more robust analysis of data. These changes should: (a) make it clear that information sharing extends to financial institutions’ attempts to identify suspicious activity and is not limited to sharing information about potential suspicious activity – e.g., information sharing might apply during the onboarding process when a financial institution may have questions about or find gaps in information provided by a prospective client; (b) broaden the safe harbor to other types of illicit activity beyond money laundering and terrorist financing; and (c) extend the safe harbor to technology companies and other nonfinancial services companies to allow for greater freedom to develop information-sharing platforms.

Policymakers should enhance the legal certainty regarding the use and disclosure of SARs. The perceived benefits of allowing broader sharing of SAR information within a financial institution, including cross-border sharing, would be better transaction monitoring and higher quality SARs that provide more useful information for law enforcement.

Areas identified for additional study include:

Exploring the broader use of AML/CFT utilities to promote information sharing, and address barriers that hamper their use

Balancing and clarifying the responsibilities of the public and private sectors for preventing financial crime

Establishing a procedure for “no action” letters whereby financial institutions could query FinCEN to determine how it would react to certain facts and circumstances

Providing the financial services industry with clearer standards of what constitutes an effective AML/CFT program

Improving coordination among the governmental players with a stake in combating money laundering and terrorist financing, and

Modernizing the SAR reporting regime to provide additional guidance on when to file or not file a SAR.

While there are pros and cons to be debated on many of the recommendations, the report, in summary, reveals the long-standing frustration of both the financial services industry and law enforcement with the current regime’s ineffectiveness. Financial institutions, with limited direction from the government, invest huge sums of money and dedicate large teams of people to “find the needle in the haystack” only to find their compliance efforts are often criticized by their regulators, even in the absence of actual wrongdoing. Law enforcement, for its part, tries to manage large volumes of information presented to it in the form of required reports from the financial services industry, much of which not very useful in identifying the real criminals and risks. The solution seems simple: communication and coordination. Effecting that solution will likely prove difficult, especially in the short term with a new administration that has already staked out an aggressive regulatory reform agenda. But, that doesn’t mean it’s not worth trying.